Professional Documents
Culture Documents
Postman For Api Testing: A Beginner'S Guide: Learn To Test Apis Like A Pro With Postman With Real-World Examples and Step-By-Step Guidance Parvin
Postman For Api Testing: A Beginner'S Guide: Learn To Test Apis Like A Pro With Postman With Real-World Examples and Step-By-Step Guidance Parvin
https://ebookmass.com/product/web-api-development-for-the-
absolute-beginner-a-step-by-step-approach-to-learning-the-
fundamentals-of-web-api-development-with-net-7-1st-edition-irina-
dominte/
https://ebookmass.com/product/the-absolute-beginners-guide-to-
html-and-css-a-step-by-step-guide-with-examples-and-lab-
exercises-1st-edition-kevin-wilson/
https://ebookmass.com/product/game-theory-an-introduction-with-
step-by-step-examples-ana-espinola-arredondo/
https://ebookmass.com/product/cashed-up-with-commercial-property-
a-step-by-step-guide-to-building-a-cash-flow-positive-portfolio-
helen-tarrant/
Learn Programming with C: An Easy Step-by-Step Self-
Practice Book for Learning C 1st Edition Imran
https://ebookmass.com/product/learn-programming-with-c-an-easy-
step-by-step-self-practice-book-for-learning-c-1st-edition-imran/
https://ebookmass.com/product/python-programming-for-
beginners-2-books-in-1-the-ultimate-step-by-step-guide-to-learn-
python-programming-quickly-with-practical-exercises-mark-reed/
https://ebookmass.com/product/integrated-behavioral-health-in-
primary-care-step-by-step-guidance-for-assessment-and-
intervention/
https://ebookmass.com/product/academic-conference-presentations-
a-step-by-step-guide-mark-r-freiermuth/
https://ebookmass.com/product/python-programming-3-books-
in-1-ultimate-beginners-intermediate-advanced-guide-to-learn-
python-step-by-step/
Contents Guide
~ Welcome & What You’ll Learn
~ Conclusion
Welcome & What You’ll Learn
Welcome fellow explorer, to the exciting world of API testing! If you’re
building applications, websites, or any system that interacts with other
programs online, understanding how to test APIs is a superpower. This book
is your comprehensive guide to mastering Postman, the go-to tool for
testing APIs like a seasoned professional.
What Exactly Are APIs?
APIs are the communication bridges of the digital world. Let’s break that
down:
● API stands for Application Programming Interface. Think of it
like a restaurant menu—it lists available ‘dishes’ (data or functions)
and helps you order them. Websites, mobile apps, or smart devices
use APIs to ‘order’ data or request actions from other systems.
Why API Testing?
Imagine you built a super-cool robot and want to make sure all its parts
work together. That’s precisely why we test APIs! Here’s what you gain
from testing APIs with Postman:
● Find problems early: Catching errors before your application goes
live saves you time, headaches, and potentially a LOT of unhappy
users.
● Keep things running smoothly: Ensure your application talks
correctly to other services it relies on. If a company updates their
weather API, you want to make sure your weather app still works!
● Build trust: Confidence that your application delivers on its
promises, boosting user loyalty and satisfaction.
What Makes Postman the Perfect Tool?
Postman is like the Swiss army knife for API testing. Here’s why it’s so
widely loved:
● Super beginner-friendly: No complex coding required to get
started. Start testing in minutes.
● Super powerful: As you learn, you’ll discover features for the most
complex testing scenarios.
● Collaboration dream: Workspaces allow teams to work together
and share knowledge easily.
● Widely used: Tons of online resources, tutorials, and help if you get
stuck.
Your Journey Ahead
This book unfolds in a carefully designed way to give you the strongest
foundation:
● The Basics: You’ll start with understanding Postman’s interface and
making your first API requests.
● API Actions: We’ll cover every essential aspect of creating,
reading, updating, and deleting data with APIs.
● Organize, Automate, and Test: Learn to streamline your work
with collections, scripts, and environments for efficiency.
● Data, Authorization & Beyond: Delve into data-driven testing,
securing your requests, and even automation using the command
line.
What You’ll Be Able to Do
By the end, you’ll transform into a true API testing pro, able to:
● Test any API out there, regardless of its complexity.
● Find hidden bugs that could break your application.
● Create detailed test reports for your team.
● Integrate API testing into your development process like a boss.
Are you ready for this adventure? If so, let’s dive into Chapter 2!
Further Resources
● Postman’s Official Getting Started Guide:
https://learning.postman.com/docs/getting-started/introduction/
● Postman Blog: https://blog.postman.com/ (Tons of helpful articles
here)
Section 1:
Introduction to Postman and API
Testing
Additional Resources
● Postman Learning Center: https://learning.postman.com/
● Postman Blog (Feature Announcements):
https://blog.postman.com/
Get Ready to Dive Deeper!
Now that you have a solid understanding of the core, we’re ready to build
practical API requests and master the art of API testing!
Initiating Your First API Request:
Basics Unraveled
Get ready to embark on an exciting API testing journey! In this chapter,
we’ll walk you through the step-by-step process of making your first API
request in Postman.
Step 1: Find a Beginner-Friendly API
For our practice, we’ll use a super simple API designed for testing:
● Reqres API: https://reqres.in/ (Provides user data)
Step 2: Start with a GET Request
● Create a New Request: Click the “+” button to create a new
request tab in Postman.
● Choose the HTTP Method: Select “GET” from the dropdown.
This is the most common method for retrieving data.
● Enter the URL: Paste the following in the request address bar:
[invalid URL removed]
● Explanation: This API will fetch user data. The ?page=2 part asks
for the second page of results.
Step 3: Hit the Send Button!
The moment of truth! Click the blue “Send” button. After a brief moment,
you should see a response appear below.
Step 4: Analyze the Response
Let’s break down the response:
● Status Code: This indicates success or failure. “200 OK” is the
goal!
● Response Body: Usually in JSON format, this contains the actual
data the API returned. In our case, it should be a list of users.
● Headers: Extra information about the response itself.
Step 5: Time to Experiment!
Let’s play around:
● Change the page number: Edit the URL, try a different page
value, and observe what changes in the response.
● Search the API Documentation: Find out if the Reqres API has
other endpoints (addresses) you can try.
Key Concepts (Explain in Sidebars or Callouts)
● API Endpoint: A specific “doorway” within an API. It’s part of the
URL after the main address (e.g., /users ).
● JSON: Stands for JavaScript Object Notation. It’s a common way
to structure data that APIs use, making it easy to read for both
humans and machines.
Troubleshooting Time
● Error Messages: If you get an error, Postman will show a status
code and a message. Use it as your starting point for solving the
problem. (Hint: Double-check the URL!)
● Postman Console: More advanced troubleshooting can be done in
the Postman Console (View -> Show Postman Console).
Additional Resources
● Reqres API Documentation: https://reqres.in/
● Introduction to REST APIs:
https://www.redhat.com/en/topics/api/what-is-a-rest-api
Onwards to More Complex Requests!
Congrats on your first successful API request! In the next chapter, we’ll
craft more sophisticated requests and dive deeper into the art of API testing.
Crafting Your Initial API Request: A
Step-by-Step Guide
In the previous chapter, you took your first steps with API requests. Now,
let’s get more deliberate. In this chapter, we’ll follow a structured process
for crafting different types of requests from the ground up.
Step 1: Understanding the API
Before diving into Postman, invest in these key questions:
● What does the API do? Get a high-level overview of its purpose.
● Documentation: Is there an API documentation page? It’s your
instruction manual! (Tip: Search online for “ documentation”)
● Authentication: Does it require any keys or login credentials? Get
those ready.
Step 2: Setting the Stage in Postman
1. New Request: Create a new request tab in Postman (click the
+).
2. HTTP Method: Determine the action you want to take:
Common Pitfalls
● Incorrect Content-Type: Double-check the API documentation for
what it expects.
● Invalid Data: The API likely has validation rules. Refer to its
documentation to ensure your data is correct.
● Authorization Issues: Some POST endpoints require
authentication.
Practice Time: API Signup
1. Find an API with a Signup Endpoint: Websites with free
trials are a good bet (make sure they have a test mode!).
2. Read the Docs: Determine the endpoint, required data format,
and authentication needs.
3. Craft your POST: Create a POST request to sign up a new test
user.
Now, each time you send the POST request, Postman will substitute a new
random value, which is great for testing.
Technique 4: Beyond JSON
While JSON is king, sometimes APIs accept other formats:
● XML: Postman can handle this. Choose ‘XML’ in the Body tab’s
formatting.
● form-data: Designed for mimicking web form submissions.
● x-www-form-urlencoded Another way to format forms, common
in older APIs.
Pro Tip: Read the Docs THOROUGHLY
The best way to master advanced POST techniques is to carefully study the
API’s documentation. Pay attention to:
● Acceptable Formats: What kind of data can you send in the POST
body?
● Special Headers: There might be unique headers for file uploads or
other actions.
Exercise: Advanced Signup Form
1. Find an Advanced API: Look for an API that lets you create
user accounts with a nested address structure or allows profile
picture uploads.
2. Study the Docs: Dissect the required data format and any
specific instructions.
3. Build Your POST: Employ the right techniques to craft a
powerful POST request.
Additional Resources
● Working with Files in Postman:
https://learning.postman.com/docs/sending-requests/supported-api-
frameworks/file-upload/#sending-files
● Complex JSON Structures:
https://www.w3schools.com/js/js_json_objects.asp
Next: Updates with PUT and PATCH
Now that you can create data with POST, the next step is learning how to
modify existing data with the PUT and PATCH requests!
Managing Resources: Understanding
PUT & PATCH Requests
Let’s say you’ve created a user profile with a POST request. Now, you need
to change their information. That’s where PUT and PATCH come in.
PUT: The Resource Replacer
● Usage: Completely replace an existing resource.
● Method: Set the HTTP method to ‘PUT’.
● URL: Target the specific resource’s endpoint (Example:
https://example.com/api/resource/123)
● Body: Send the FULL updated data with all fields, whether you’re
changing them or not.
Example: Fully Overwriting a Blog Post
Imagine you need to completely replace a blog post. Your PUT request
might look like this:
{
"id": 123,
"title": "My NEW Amazing Post",
"content": "Updated content goes here...",
"author": "Your Name"
}
Additional Resources
● HTTP PUT Method: https://developer.mozilla.org/en-
US/docs/Web/HTTP/Methods/PUT
● HTTP PATCH Method: https://developer.mozilla.org/en-
US/docs/Web/HTTP/Methods/PATCH
● REST API Design (PUT vs. PATCH): https://restfulapi.net/rest-
put-vs-patch/
Things to Consider
● Permissions: Are you authorized to delete the resource?
● Cascading Deletes: Does deleting the resource also remove
associated data? This behavior varies greatly between APIs.
● Success Responses:
○ 200 OK (Resource deleted)
○ 202 Accepted (Deletion may be asynchronous)
○ 204 No Content (Successful deletion, no data to return)
● Idempotent, But… Repeated DELETE requests may have different
responses (e.g., 204 the second time since the resource is gone).
DELETE in Practice
Let’s imagine you want to delete a blog post with the ID 123:
● Method: DELETE
● URL: https://example.com/blog/posts/123
● Check Authorization
Cautionary Tales
● Accidental Deletion: Double-check your URLs! Test in non-
production environments first.
● Orphan Data: APIs without cascading deletes might leave behind
fragments of related data.
Pro Tip: “Soft Delete”
Some APIs implement a “soft delete” where the resource is marked as
deleted but not actually removed from the database. This may allow for
recovery later.
Hands-On Challenge
1. Find an API with DELETE Capability: Look for endpoints
allowing deletion of test users, posts, etc.
2. Documentation!: Understand the API’s deletion behavior and
authorization.
3. Intentional Errors: Test deleting non-existent resources to
observe error codes.
4. Inspect Responses: Check the response status codes and any
returned data.
Additional Resources
● HTTP DELETE Method: https://developer.mozilla.org/en-
US/docs/Web/HTTP/Methods/DELETE
● API Design: Hard delete vs. Soft delete:
https://nordicapis.com/api-design-101-hard-delete-vs-soft-delete/
Congratulations! Mastering CRUD
You can now Create, Read, Update, and Delete data using an API. That’s a
powerful skill!
Up Next: Organizing with Collections
Let’s move on to organizing your API requests and test suites with Postman
Collections for improved workflows and streamlined testing!
Section 3:
Organizing with Collections
Example Collections
● E-commerce API:
○ Collection: Product Management
○ Requests: Get Product, Add Product, Update Product Price,
etc.
● Weather API:
○ Collection: Forecast Retrieval
○ Requests: Get Current Weather (location parameter), Get 5-
day Forecast, etc.
Get Ready to Build
Collections don’t build themselves! Here’s a quick exercise to kick things
off:
1. Existing Requests: Look at requests you built in previous
chapters. Can you group them into logical collections?
2. API Documentation Study: Structure your collections to
mirror the functionality or major sections of the API you’re
working with.
Additional Resources
● Postman Collections Guide:
https://learning.postman.com/docs/sending-requests/intro-to-
collections/
● Organizing Your API Work with Collections:
https://learning.postman.com/docs/designing-and-developing-your-
api/the-api-workflow/organizing-your-api-work-with-collections/
Up Next: Building Your First Collection
Let’s get our hands dirty. In the next chapter, we’ll walk step-by-step
through creating and structuring your first Postman collection!
1. CSV File:
username, password
user123, testpass
testuser, securepassword
2. Variables: Create {{username}} and {{password}} . We’ll
cover the specifics of importing files in a later chapter.
Explanation
● pm. Accesses the Postman scripting API.
● test() Creates a test with a name and a function to run.
● pm.response.to.have.status(200) Is a built-in assertion to check the
response status code.
Additional Resources
● Postman Learning Center: Scripting
https://learning.postman.com/docs/writing-scripts/intro-to-scripts/
● Postman Sandbox API Reference:
https://learning.postman.com/docs/writing-scripts/script-
references/postman-sandbox-api-reference/
Optimization Techniques
Technique 1: Script Structure
● Functions: Break down repetitive or complex logic into reusable
functions. This improves readability and makes your scripts easier
to maintain.
● Modularization: If your scripts become very long, consider
dividing them into smaller scripts that can be executed in sequence
within a collection. This promotes organization.
● Comments: Liberally use comments to explain intricate code
blocks or unconventional logic. This will be incredibly helpful when
you revisit your scripts later or if others need to understand them.
Technique 2: Efficient Variable Handling
● Setting Variables: Use pm.environment.set() or
pm.collectionVariables.set() to set environment and collection level
variables respectively. Avoid setting them repeatedly within
individual requests.
● Accessing Variables: Direct access (e.g.,
pm.environment.get("myVar") ) is generally faster than repeatedly
parsing the same JSON response to extract a value.
● Temporary Variables: When you need a variable for a very short-
term calculation, opt for a local variable to minimize overhead.
Technique 3: Asynchronous Awareness (Advanced)
● Promises: Use promises to manage asynchronous API calls within
your scripts in a structured way. Promises enhance code readability
when dealing with responses that happen “out of order”.
● Await: If you’re comfortable with modern JavaScript, the ‘await’
keyword can make handling asynchronous actions even cleaner,
letting you write code that looks more synchronous while retaining
efficient asynchronous behavior.
Example: Optimized Response Parsing
Instead of this in every single test:
var jsonData = pm.response.json();
pm.environment.set("userId", jsonData.data.id);
Do this once in a Pre-request script and then directly access the variable
when needed:
pm.environment.set("userId", pm.response.json().data.id);
Gerth spake:
16. “Bid the man come in, | and drink good mead
Here within our hall;
Though this I fear, | that there without
My brother’s slayer stands.
[113]
Skirnir spake:
Gerth spake:
Skirnir spake:
Gerth spake:
Skirnir spake:
Gerth spake:
Skirnir spake:
[118]
[119]
Gerth spake:
Skirnir spake:
Gerth spake:
41. “Tell me, Skirnir, | ere thou take off the saddle,
Or farest forward a step:
What hast thou done | in the giants’ dwelling
To make glad thee or me?”
[120]
Skirnir spake:
Freyr spake:
43. “Long is one night, | longer are two;
How then shall I bear three?
Often to me | has a month seemed less
Than now half a night of desire.”
[107]
[Contents]
NOTES
[108]
Prose. Freyr: concerning his father, Njorth, and the race of the
Wanes in general, cf. Voluspo, 21 and note. Snorri thus describes
Njorth’s family: “Njorth begat two children in Noatun; the son was
named Freyr, and the daughter Freyja; they were fair of aspect and
mighty. Freyr is the noblest of the gods; he rules over rain and
sunshine, and therewith the fruitfulness of the earth; it is well to call
upon him for plenty and welfare, for he rules over wealth for
mankind. Freyja is the noblest of the goddesses. When she rides to
the fight, she has one-half of the slain, and Othin has half. When she
goes on a journey, she drives her two cats, and sits in a cart. Love-
songs please her well, and it is good to call on her in love-matters.”
Hlithskjolf: Othin’s watch-tower; cf. Grimnismol, introductory prose.
He said: both manuscripts have “Then Skathi said:” (Skathi was
Njorth’s wife), but Bugge’s emendation, based on Snorri’s version, is
doubtless correct.
1. My son: both manuscripts, and many editors, have “our son,”
which, of course, goes with the introduction of Skathi in the prose. As
the stanza is clearly addressed to Skirnir, the change of pronouns
seems justified. The same confusion occurs in stanza 2, where
Skirnir in the manuscripts is made to speak of Freyr as [109]“your
son” (plural). The plural pronoun in the original involves a metrical
error, which is corrected by the emendation.
4. Elfbeam: the sun, so called because its rays were fatal to elves
and dwarfs; cf. Alvissmol, 35.
16. Brother’s slayer: perhaps the brother is Beli, slain by Freyr; the
only other references are in Voluspo, 53, and in Snorri’s paraphrase
of the Skirnismol, which merely says that Freyr’s gift of his sword to
Skirnir “was the reason why he was weaponless when he met Beli,
and he killed him bare-handed.” Skirnir himself seems never to have
killed anybody. [113]
19. Apples: the apple was the symbol of fruitfulness, and also of
eternal youth. According to Snorri, the goddess Ithun had charge of
the apples which the gods ate whenever they felt themselves
growing old. [114]
21. Ring: the ring Draupnir (“Dropper”) was made by the dwarfs for
Othin, who laid it on Baldr’s pyre when the latter’s corpse was
burned (cf. Voluspo, 32 and note, and Baldrs Draumar). Baldr,
however, sent the ring back to Othin from hell. How Freyr obtained it
is nowhere stated. Andvari’s ring (Andvaranaut) had a similar power
of creating gold; cf. Reginsmol, prose [115]after stanza 4 and note.
Lines 3 and 4 of this stanza, and the first two of stanza 22, are
missing in the Arnamagnæan Codex.
27. Eagle’s hill: the hill at the end of heaven, and consequently
overlooking hell, where the giant Hræsvelg sits “in an eagle’s guise,”
and makes the winds with his wings; cf. Vafthruthnismol, 37, also
Voluspo, 50. The second line is faulty in both manuscripts;
Hildebrand’s emendation corrects the error, but omits an effective
touch; the manuscript line may be rendered “And look and hanker for
hell.” The Arnamagnæan Codex breaks off with the fourth line of this
stanza.
30. In Regius and in nearly all the editions the first two lines of this
stanza are followed by lines 3–5 of stanza 35. I have followed
Niedner, Sijmons, and Gering. The two words here translated vile
things are obscure; Gering renders the phrase simply “Kobolde.”
32. No gap indicated in the manuscript; Niedner makes the line here
given as 4 the first half of line 3, and fills out the stanza thus: “with
which I will tame you, / Maid, to work my will.” The whole stanza
seems to be either interpolated or out of place; it would fit better after
stanza 25.
34. Most editors reject line 3 as spurious, and some also reject line
6. Lines 2 and 3 may have been expanded out of a single line
running approximately “Ye gods and Suttung’s sons.” Suttung:
concerning this giant cf. Hovamol, 104 and note. [118]
35. Most editors combine lines 1–2 with stanza 36 (either with the
first two lines thereof or the whole stanza), as lines 3–5 stand in the
manuscript after line 2 of stanza 30. Hrimgrimnir (“The Frost-
Shrouded”): a giant not elsewhere mentioned. Line 5, as a repetition
of line 4, is probably a later addition.
36. For the combination of this stanza with the preceding one, cf.
note on stanza 35. The scribe clearly did not consider that the stanza
began with line 1, as the first word thereof in the manuscript does not
begin with a capital letter and has no period before it. The first word
of line 3, however, is so marked. Line 5 may well be spurious.
37. Again the scribe seems to have been uncertain as to the stanza
divisions. This time the first line is preceded by a period, but begins
with a small letter. Many editors have made line 2 [119]into two half-
lines. A charm: literally, the rune Thurs (þ); the runic letters all had
magic attributes; cf. Sigrdrifumol, 6–7 and notes.
Introductory Note
The Harbarthsljoth is found complete in the Codex Regius, where it
follows the Skirnismol, and from the fourth line of stanza 19 to the
end of the poem in the Arnamagnæan Codex, of which it occupies
the first page and a half.
The poem differs sharply from those which precede it in the Codex
Regius, both in metrical form and in spirit. It is, indeed, the most
nearly formless of all the Eddic poems. The normal metre is the
Malahattr (cf. Introduction, where an example is given). The name of
this verse-form means “in the manner of conversation,” and the
Harbarthsljoth’s verse fully justifies the term. The Atli poems
exemplify the conventional use of Malahattr, but in the Harbarthsljoth
the form is used with extraordinary freedom, and other metrical
forms are frequently employed. A few of the speeches of which the
poem is composed cannot be twisted into any known Old Norse
metre, and appear to be simply prose.
Owing to the chaotic state of the text, and the fact that none of the
editors or commentators have succeeded in improving it much, I
have not in this case attempted to give all the important emendations
and suggestions. The stanza-divisions are largely arbitrary.
[Contents]
[123]
Thor spake:
Thor spake:
[124]
Thor spake:
Thor spake:
Harbarth spake:
[126]
Thor spake:
13. “Great trouble, methinks, | would it be to come
to thee,
To wade the waters across, | and wet my middle;
Weakling, well shall I pay | thy mocking words,
If across the sound I come.”
Harbarth spake:
Thor spake:
[127]
Harbarth spake: